Repository: incubator-ranger Updated Branches: refs/heads/master 73387f30c -> d27cacd7d
RANGER-178 - Ranger Admin server side service code for Solr Plugin Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2dc01d08 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2dc01d08 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2dc01d08 Branch: refs/heads/master Commit: 2dc01d08b27e31a3af260b71f59a9585d853c5c3 Parents: 60a235c Author: Don Bosco Durai <[email protected]> Authored: Mon Mar 30 17:23:35 2015 -0700 Committer: Don Bosco Durai <[email protected]> Committed: Mon Mar 30 17:23:35 2015 -0700 ---------------------------------------------------------------------- .../service-defs/ranger-servicedef-solr.json | 121 ++++++++ plugin-solr/.gitignore | 1 + .../conf/ranger-policymgr-ssl-changes.cfg | 23 ++ plugin-solr/conf/ranger-policymgr-ssl.xml | 63 ++++ plugin-solr/conf/ranger-solr-audit-changes.cfg | 36 +++ plugin-solr/conf/ranger-solr-audit.xml | 187 ++++++++++++ .../conf/ranger-solr-security-changes.cfg | 26 ++ plugin-solr/conf/ranger-solr-security.xml | 67 +++++ plugin-solr/pom.xml | 56 ++++ plugin-solr/scripts/install.properties | 112 +++++++ .../scripts/solr-plugin-install.properties | 23 ++ .../solr/authorizer/RangerSolrAuthorizer.java | 37 +++ .../ranger/services/solr/RangerServiceSolr.java | 78 +++++ .../services/solr/client/ServiceSolrClient.java | 292 +++++++++++++++++++ .../solr/client/ServiceSolrConnectionMgr.java | 60 ++++ pom.xml | 4 +- .../java/org/apache/ranger/biz/ServiceMgr.java | 4 +- .../main/resources/sample.xa_system.properties | 7 + src/main/assembly/plugin-solr.xml | 157 ++++++++++ 19 files changed, 1352 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json 
----------------------------------------------------------------------
diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
new file mode 100644
index 0000000..e66f2b3
--- /dev/null
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-solr.json
@@ -0,0 +1,121 @@
+{
+ "name":"solr",
+ "implClass":"org.apache.ranger.services.solr.RangerServiceSolr",
+ "label":"SOLR",
+ "description":"Solr",
+ "resources":[
+ {
+ "name":"collection",
+ "type":"string",
+ "level":1,
+ "parent":"",
+ "mandatory":true,
+ "lookupSupported":true,
+ "recursiveSupported":false,
+ "excludesSupported":true,
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":"wildCard=true;ignoreCase=true",
+ "validationRegEx":"",
+ "validationMessage":"",
+ "uiHint":"",
+ "label":"Solr Collection",
+ "description":"Solr Collection"
+ },
+ {
+ "name":"field",
+ "type":"string",
+ "level":2,
+ "parent":"collection",
+ "mandatory":true,
+ "lookupSupported":true,
+ "recursiveSupported":false,
+ "excludesSupported":true,
+ "matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
+ "matcherOptions":"wildCard=true;ignoreCase=true",
+ "validationRegEx":"",
+ "validationMessage":"",
+ "uiHint":"",
+ "label":"Field",
+ "description":"Field"
+ }
+
+ ],
+ "accessTypes":[
+ {
+ "name":"create",
+ "label":"Create"
+ },
+ {
+ "name":"update",
+ "label":"Update"
+ },
+ {
+ "name":"query",
+ "label":"Query"
+ },
+ {
+ "name":"admin",
+ "label":"Admin"
+ }
+
+ ],
+ "configs":[
+ {
+ "name":"username",
+ "type":"string",
+ "mandatory":true,
+ "validationRegEx":"",
+ "validationMessage":"",
+ "uiHint":"",
+ "label":"Username"
+ },
+ {
+ "name":"password",
+ "type":"password",
+ "mandatory":true,
+ "validationRegEx":"",
+ "validationMessage":"",
+ "uiHint":"",
+ "label":"Password"
+ },
+ {
+ "name":"solr.url",
+ "type":"string",
+ "mandatory":true,
+ "defaultValue":"",
+ "validationRegEx":"",
+ "validationMessage":"",
+ "uiHint":"",
+ "label":"Solr URL"
+ },
+ {
+ "name":"certificate.cn",
+ "type":"string",
+ "mandatory":false,
+ "validationRegEx":"",
+ "validationMessage":"",
+ "uiHint":"",
+ "label":"Common Name for Certificate"
+ }
+
+ ],
+ "enums":[
+
+ ],
+ "contextEnrichers":[
+
+ ],
+ "policyConditions":[
+ {
+ "name":"ip-range",
+ "evaluator":"org.apache.ranger.plugin.conditionevaluator.RangerIpMatcher",
+ "evaluatorOptions":"",
+ "validationRegEx":"",
+ "validationMessage":"",
+ "uiHint":"",
+ "label":"IP Address Range",
+ "description":"IP Address Range"
+ }
+
+ ]
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/.gitignore
----------------------------------------------------------------------
diff --git a/plugin-solr/.gitignore b/plugin-solr/.gitignore
new file mode 100644
index 0000000..ea8c4bf
--- /dev/null
+++ b/plugin-solr/.gitignore
@@ -0,0 +1 @@
+/target
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-policymgr-ssl-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-policymgr-ssl-changes.cfg b/plugin-solr/conf/ranger-policymgr-ssl-changes.cfg
new file mode 100644
index 0000000..ec4eeab
--- /dev/null
+++ b/plugin-solr/conf/ranger-policymgr-ssl-changes.cfg
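Review bot: `matcherOptions` on both the `collection` and the `field` resource sets `ignoreCase=true`, while Solr, as far as I know, treats collection and field names as case-sensitive, so a policy written for one name would presumably also match a distinct resource whose name differs only in case. Unless that is intended, `"matcherOptions":"wildCard=true;ignoreCase=false"` keeps policy matching aligned with the names Solr actually resolves. Separately, every `validationRegEx` under `configs` is empty, so `solr.url` is accepted by the Admin server without any check; a pattern limiting it to http/https URLs, with a matching `validationMessage`, would be worth adding. The file also ends without a trailing newline.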
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SSL Params
+#
+xasecure.policymgr.clientssl.keystore %SSL_KEYSTORE_FILE_PATH% mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.password %SSL_KEYSTORE_PASSWORD% mod create-if-not-exists
+xasecure.policymgr.clientssl.keystore.credential.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore %SSL_TRUSTSTORE_FILE_PATH% mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.password %SSL_TRUSTSTORE_PASSWORD% mod create-if-not-exists
+xasecure.policymgr.clientssl.truststore.credential.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-policymgr-ssl.xml b/plugin-solr/conf/ranger-policymgr-ssl.xml
new file mode 100644
index 0000000..dcadc52
--- /dev/null
+++ b/plugin-solr/conf/ranger-policymgr-ssl.xml
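Review bot: The `xasecure.policymgr.clientssl.keystore.password` and `xasecure.policymgr.clientssl.truststore.password` lines substitute `%SSL_KEYSTORE_PASSWORD%` and `%SSL_TRUSTSTORE_PASSWORD%` straight into the generated XML, even though the lines next to them point at a JCEKS credential file. ranger-solr-audit-changes.cfg in this same commit writes the literal `crypted` for the JDBC password and leaves the secret to the credential provider; doing the same here, e.g. `xasecure.policymgr.clientssl.keystore.password crypted mod create-if-not-exists`, would keep the cleartext out of ranger-policymgr-ssl.xml. This assumes the installer does not rewrite these two values afterwards, which is not visible in this commit.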
@@ -0,0 +1,63 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <!-- The following properties are used for 2-way SSL client server validation -->
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>solrdev-clientcert.jks</value>
+ <description>
+ Java Keystore files
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>none</value>
+ <description>
+ password for keystore
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>cacerts-xasecure.jks</value>
+ <description>
+ java truststore file
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>none</value>
+ <description>
+ java truststore password
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file/tmp/keystore-solrdev-ssl.jceks</value>
+ <description>
+ java keystore credential file
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file/tmp/truststore-solrdev-ssl.jceks</value>
+ <description>
+ java truststore credential file
+ </description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-solr-audit-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-solr-audit-changes.cfg b/plugin-solr/conf/ranger-solr-audit-changes.cfg
new file mode 100644
index 0000000..7c0c430
--- /dev/null
+++ b/plugin-solr/conf/ranger-solr-audit-changes.cfg
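Review bot: Both credential-file defaults live under `/tmp` (`jceks://file/tmp/keystore-solrdev-ssl.jceks` and `jceks://file/tmp/truststore-solrdev-ssl.jceks`), a world-writable directory where another local account can pre-create or replace the file and where cleanup jobs may delete it. The audit configuration in this commit already keeps its store at `jceks://file/etc/ranger/solrdev/auditcred.jceks`; placing these two stores under `/etc/ranger/solrdev/` as well puts them in a directory whose ownership and mode can be restricted to the Solr service account. The two password descriptions could also state that `none` is a placeholder and that the real secret is read from the credential file, if that is how the plugin resolves it.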
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+xasecure.audit.db.is.enabled %XAAUDIT.DB.IS_ENABLED% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.url %XAAUDIT_DB_JDBC_URL% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.user %XAAUDIT.DB.USER_NAME% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.password crypted mod create-if-not-exists
+xasecure.audit.credential.provider.file jceks://file%CREDENTIAL_PROVIDER_FILE% mod create-if-not-exists
+xasecure.audit.jpa.javax.persistence.jdbc.driver %XAAUDIT_DB_JDBC_DRIVER% mod create-if-not-exists
+
+xasecure.audit.hdfs.is.enabled %XAAUDIT.HDFS.IS_ENABLED% mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.directory %XAAUDIT.HDFS.DESTINATION_DIRECTORY% mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.file %XAAUDIT.HDFS.DESTINTATION_FILE% mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.flush.interval.seconds %XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS% mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.rollover.interval.seconds %XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS% mod create-if-not-exists
+xasecure.audit.hdfs.config.destination.open.retry.interval.seconds %XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS% mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.directory %XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY% mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.file %XAAUDIT.HDFS.LOCAL_BUFFER_FILE% mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds %XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS% mod create-if-not-exists
+xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds %XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS% mod create-if-not-exists
+xasecure.audit.hdfs.config.local.archive.directory %XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY% mod create-if-not-exists
+xasecure.audit.hdfs.config.local.archive.max.file.count %XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT% mod create-if-not-exists
+
+xasecure.audit.solr.is.enabled %XAAUDIT.SOLR.IS_ENABLED% mod create-if-not-exists
+xasecure.audit.solr.solr_url %XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-solr-audit.xml
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-solr-audit.xml b/plugin-solr/conf/ranger-solr-audit.xml
new file mode 100644
index 0000000..d27f062
--- /dev/null
+++ b/plugin-solr/conf/ranger-solr-audit.xml
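Review bot: Only `xasecure.audit.solr.is.enabled` and `xasecure.audit.solr.solr_url` are mapped for the Solr audit destination, yet install.properties in this commit also defines `XAAUDIT.SOLR.MAX_QUEUE_SIZE` and `XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS`, which no line here consumes, so editing them would apparently have no effect on the generated configuration. Either map both tokens here or drop them from install.properties. The `DESTINTATION` spelling in the HDFS tokens matches install.properties, so it can only be corrected in both files together.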
@@ -0,0 +1,187 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <property>
+ <name>xasecure.audit.is.enabled</name>
+ <value>true</value>
+ </property>
+
+
+ <!-- DB audit provider configuration -->
+ <property>
+ <name>xasecure.audit.db.is.enabled</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.is.async</name>
+ <value>true</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.queue.size</name>
+ <value>10240</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.db.batch.size</name>
+ <value>100</value>
+ </property>
+
+ <!-- Properties whose name begin with "xasecure.audit.jpa." are used to configure JPA -->
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.url</name>
+ <value>jdbc:mysql://localhost:3306/ranger_audit</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.user</name>
+ <value>rangerlogger</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.password</name>
+ <value>none</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.jpa.javax.persistence.jdbc.driver</name>
+ <value>com.mysql.jdbc.Driver</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.credential.provider.file</name>
+ <value>jceks://file/etc/ranger/solrdev/auditcred.jceks</value>
+ </property>
+
+
+
+ <!-- HDFS audit provider configuration -->
+ <property>
+ <name>xasecure.audit.hdfs.is.enabled</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.is.async</name>
+ <value>true</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.queue.size</name>
+ <value>1048576</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.encoding</name>
+ <value></value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.directory</name>
+ <value>hdfs://NAMENODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.file</name>
+ <value>%hostname%-audit.log</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.flush.interval.seconds</name>
+ <value>900</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.rollover.interval.seconds</name>
+ <value>86400</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.destination.open.retry.interval.seconds</name>
+ <value>60</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.directory</name>
+ <value>/var/log/solr/audit</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file</name>
+ <value>%time:yyyyMMdd-HHmm.ss%.log</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.file.buffer.size.bytes</name>
+ <value>8192</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.flush.interval.seconds</name>
+ <value>60</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds</name>
+ <value>600</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.directory</name>
+ <value>/var/log/solr/audit/archive</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.hdfs.config.local.archive.max.file.count</name>
+ <value>10</value>
+ </property>
+
+
+ <!-- Log4j audit provider configuration -->
+ <property>
+ <name>xasecure.audit.log4j.is.enabled</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.is.async</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.queue.size</name>
+ <value>10240</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.log4j.async.max.flush.interval.ms</name>
+ <value>30000</value>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-solr-security-changes.cfg
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-solr-security-changes.cfg b/plugin-solr/conf/ranger-solr-security-changes.cfg
new file mode 100644
index 0000000..ed8a509
--- /dev/null
+++ b/plugin-solr/conf/ranger-solr-security-changes.cfg
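Review bot: With `xasecure.audit.is.enabled` set to `true` but `xasecure.audit.db.is.enabled`, `xasecure.audit.hdfs.is.enabled` and `xasecure.audit.log4j.is.enabled` all `false`, these defaults appear to leave the plugin without any destination that persists audit events. The file also carries no `xasecure.audit.solr.*` entries, although ranger-solr-audit-changes.cfg in this commit writes them with `create-if-not-exists`. I would add a comment at the top of the configuration, `<!-- All audit destinations are disabled by default; enable at least one before relying on audit records -->`, and list the Solr destination properties with explicit defaults so the shipped file documents every sink.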
@@ -0,0 +1,26 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Change the original policy parameter to work with policy manager based.
+#
+#
+ranger.plugin.solr.service.name %REPOSITORY_NAME% mod create-if-not-exists
+
+ranger.plugin.solr.policy.source.impl org.apache.ranger.admin.client.RangerAdminRESTClient mod create-if-not-exists
+
+ranger.plugin.solr.policy.rest.url %POLICY_MGR_URL% mod create-if-not-exists
+ranger.plugin.solr.policy.rest.ssl.config.file /etc/solr/conf/ranger-policymgr-ssl.xml mod create-if-not-exists
+ranger.plugin.solr.policy.pollIntervalMs 30000 mod create-if-not-exists
+ranger.plugin.solr.policy.cache.dir %POLICY_CACHE_FILE_PATH% mod create-if-not-exists
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/conf/ranger-solr-security.xml
----------------------------------------------------------------------
diff --git a/plugin-solr/conf/ranger-solr-security.xml b/plugin-solr/conf/ranger-solr-security.xml
new file mode 100644
index 0000000..c865749
--- /dev/null
+++ b/plugin-solr/conf/ranger-solr-security.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <property>
+ <name>ranger.plugin.solr.service.name</name>
+ <value>solrdev</value>
+ <description>
+ Name of the Ranger service containing policies for this SOLR instance
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.solr.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>
+ Class to retrieve policies from the source
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.solr.policy.rest.url</name>
+ <value>http://policymanagerhost:port</value>
+ <description>
+ URL to Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.solr.policy.rest.ssl.config.file</name>
+ <value>/etc/solr/conf/ranger-policymgr-ssl.xml</value>
+ <description>
+ Path to the file containing SSL details to contact Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.solr.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>
+ How often to poll for changes in policies?
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.solr.policy.cache.dir</name>
+ <value>/etc/ranger/solrdev/policycache</value>
+ <description>
+ Directory where Ranger policies are cached after successful retrieval from the source
+ </description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/pom.xml
----------------------------------------------------------------------
diff --git a/plugin-solr/pom.xml b/plugin-solr/pom.xml
new file mode 100644
index 0000000..54bcafa
--- /dev/null
+++ b/plugin-solr/pom.xml
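Review bot: The sample value for `ranger.plugin.solr.policy.rest.url` is `http://policymanagerhost:port`, and install.properties in this commit gives an `http://` example as well, so an install that follows the samples fetches its authorization policies over an unauthenticated cleartext channel where they can be read or altered in transit. I would ship `<value>https://policymanagerhost:port</value>` as the sample and say in the description that the file named by `ranger.plugin.solr.policy.rest.ssl.config.file` supplies the key and trust stores for that connection. The description of `ranger.plugin.solr.policy.cache.dir` should also state that the directory must be writable only by the Solr service account, since cached policies are presumably what the plugin enforces when Ranger Admin cannot be reached.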
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>security_plugins.ranger-solr-plugin</groupId>
+ <artifactId>ranger-solr-plugin</artifactId>
+ <name>SOLR Security Plugin</name>
+ <description>SOLR Security Plugin</description>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+ <parent>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger</artifactId>
+ <version>0.5.0</version>
+ <relativePath>..</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-common</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>security_plugins.ranger-plugins-audit</groupId>
+ <artifactId>ranger-plugins-audit</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>credentialbuilder</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger_solrj</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/scripts/install.properties
----------------------------------------------------------------------
diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties
new file mode 100644
index 0000000..6a84c19
--- /dev/null
+++ b/plugin-solr/scripts/install.properties
@@ -0,0 +1,112 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Location of Policy Manager URL
+#
+# Example:
+# POLICY_MGR_URL=http://policymanager.xasecure.net:6080
+#
+POLICY_MGR_URL=
+
+#
+# Location of db client library (please check the location of the jar file)
+#
+# Example:
+# SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+# SQL_CONNECTOR_JAR=/usr/share/java/ojdbc6.jar
+#
+SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar
+
+#
+# This is the repository name created within policy manager
+#
+# Example:
+# REPOSITORY_NAME=solrdev
+#
+REPOSITORY_NAME=
+
+#
+# AUDIT DB Configuration
+#
+# This information should match with the one you specified during the PolicyManager Installation
+#
+# Example:
+# XAAUDIT.DB.IS_ENABLED=true
+# XAAUDIT.DB.FLAVOUR=MYSQL
+# XAAUDIT.DB.FLAVOUR=ORACLE
+# XAAUDIT.DB.HOSTNAME=localhost
+# XAAUDIT.DB.DATABASE_NAME=ranger_audit
+# XAAUDIT.DB.USER_NAME=rangerlogger
+# XAAUDIT.DB.PASSWORD=rangerlogger
+#
+XAAUDIT.DB.IS_ENABLED=false
+XAAUDIT.DB.FLAVOUR=MYSQL
+XAAUDIT.DB.HOSTNAME=
+XAAUDIT.DB.DATABASE_NAME=
+XAAUDIT.DB.USER_NAME=
+XAAUDIT.DB.PASSWORD=
+
+#
+# Audit to HDFS Configuration
+#
+# If XAAUDIT.HDFS.IS_ENABLED is set to true, please replace tokens
+# that start with __REPLACE__ with appropriate values
+# XAAUDIT.HDFS.IS_ENABLED=true
+# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/solr/audit
+# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/solr/audit/archive
+#
+# Example:
+# XAAUDIT.HDFS.IS_ENABLED=true
+# XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://namenode.example.com:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+# XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/solr/audit
+# XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/solr/audit/archive
+#
+XAAUDIT.HDFS.IS_ENABLED=false
+XAAUDIT.HDFS.DESTINATION_DIRECTORY=hdfs://__REPLACE__NAME_NODE_HOST:8020/ranger/audit/%app-type%/%time:yyyyMMdd%
+XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=__REPLACE__LOG_DIR/solr/audit
+XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=__REPLACE__LOG_DIR/solr/audit/archive
+
+XAAUDIT.HDFS.DESTINTATION_FILE=%hostname%-audit.log
+XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
+XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
+XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
+XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
+XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
+
+#Solr Audit Provder
+XAAUDIT.SOLR.IS_ENABLED=false
+XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
+XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
+XAAUDIT.SOLR.SOLR_URL=http://localhost:6083/solr/ranger_audits
+
+#
+# SSL Client Certificate Information
+#
+# Example:
+# SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
+# SSL_KEYSTORE_PASSWORD=none
+# SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
+# SSL_TRUSTSTORE_PASSWORD=none
+#
+# You do not need use SSL between agent and security admin tool, please leave these sample value as it is.
+#
+SSL_KEYSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-keystore.jks
+SSL_KEYSTORE_PASSWORD=myKeyFilePassword
+SSL_TRUSTSTORE_FILE_PATH=/etc/hadoop/conf/ranger-plugin-truststore.jks
+SSL_TRUSTSTORE_PASSWORD=changeit
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/scripts/solr-plugin-install.properties
----------------------------------------------------------------------
diff --git a/plugin-solr/scripts/solr-plugin-install.properties b/plugin-solr/scripts/solr-plugin-install.properties
new file mode 100644
index 0000000..a360906
--- /dev/null
+++ b/plugin-solr/scripts/solr-plugin-install.properties
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# installation properties for this plugin
+
+#
+# Name of the directory where the component's lib and conf directory exist.
+# This location should be relative to the parent of the directory containing
+# the plugin installation files.
+#
+COMPONENT_INSTALL_DIR_NAME=solr
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
----------------------------------------------------------------------
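Review bot: In install.properties, `SSL_KEYSTORE_PASSWORD=myKeyFilePassword` and `SSL_TRUSTSTORE_PASSWORD=changeit` ship as live values, and the comment above them tells operators to leave the samples as they are, so an install that later turns on SSL inherits publicly known store passwords. The keystore and truststore paths also point at `/etc/hadoop/conf/` although the rest of this plugin uses `/etc/solr/conf`. I would leave the two password keys empty in the way `XAAUDIT.DB.PASSWORD=` is, provided the installer tolerates empty values, and reword the comment to `# If you do not use SSL between the agent and the security admin tool, leave these sample values unchanged.` Because this file receives cleartext passwords at install time, a header line asking for owner-only read permission would help as well.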
diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java new file mode 100644 index 0000000..8ccc703 --- /dev/null +++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java 
@@ -0,0 +1,37 @@ + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.authorization.solr.authorizer; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public class RangerSolrAuthorizer /*SolrAuthorizationPlugin*/ { + public static final String ACCESS_TYPE_CREATE = "create"; + public static final String ACCESS_TYPE_UPDATE = "update"; + public static final String ACCESS_TYPE_QUERY = "query"; + public static final String ACCESS_TYPE_ADMIN = "admin"; + + private static final Log LOG = LogFactory.getLog(RangerSolrAuthorizer.class); + + //private static volatile RangerSolrPlugin solrPlugin = null; + + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/src/main/java/org/apache/ranger/services/solr/RangerServiceSolr.java ---------------------------------------------------------------------- diff --git a/plugin-solr/src/main/java/org/apache/ranger/services/solr/RangerServiceSolr.java b/plugin-solr/src/main/java/org/apache/ranger/services/solr/RangerServiceSolr.java new file mode 100644 index 0000000..3a43a9e --- /dev/null +++ b/plugin-solr/src/main/java/org/apache/ranger/services/solr/RangerServiceSolr.java 
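Review bot: `RangerSolrAuthorizer` has no class comment saying that it is a placeholder: the `SolrAuthorizationPlugin` name and the `solrPlugin` field are commented out and the class has no methods, so it makes no access decision. I would add `/** Placeholder for the Solr authorization hook; performs no access checks yet. */` above the class so the name is not read as an active enforcement point. `LOG` is declared but unused in this version.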
@@ -0,0 +1,78 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.services.solr; + +import java.util.HashMap; +import java.util.List; +import org.apache.ranger.plugin.model.RangerService; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.service.RangerBaseService; +import org.apache.ranger.plugin.service.ResourceLookupContext; +import org.apache.ranger.services.solr.client.ServiceSolrClient; +import org.apache.ranger.services.solr.client.ServiceSolrConnectionMgr; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public class RangerServiceSolr extends RangerBaseService { + + private static final Log LOG = LogFactory.getLog(RangerServiceSolr.class); + + public RangerServiceSolr() { + super(); + } + + @Override + public void init(RangerServiceDef serviceDef, RangerService service) { + super.init(serviceDef, service); + } + + @Override + public HashMap<String, Object> validateConfig() throws Exception { + HashMap<String, Object> ret = new HashMap<String, Object>(); + String serviceName = getServiceName(); + if (LOG.isDebugEnabled()) { + LOG.debug("==> RangerServiceSolr.validateConfig Service: (" + + 
serviceName + " )"); + } + if (configs != null) { + try { + ret = ServiceSolrConnectionMgr.testConnection(serviceName, + configs); + } catch (Exception e) { + LOG.error("<== RangerServiceSolr.validateConfig Error:" + e); + throw e; + } + } + if (LOG.isDebugEnabled()) { + LOG.debug("<== RangerServiceSolr.validateConfig Response : (" + ret + + " )"); + } + return ret; + } + + @Override + public List<String> lookupResource(ResourceLookupContext context) + throws Exception { + + ServiceSolrClient serviceSolrClient = ServiceSolrConnectionMgr + .getSolrClient(serviceName, configs); + return serviceSolrClient.getResources(context); + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java ---------------------------------------------------------------------- diff --git a/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java b/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java new file mode 100644 index 0000000..d1b8e55 --- /dev/null +++ b/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrClient.java 
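Review bot: `lookupResource` passes `configs` straight to `ServiceSolrConnectionMgr.getSolrClient` without the `configs != null` guard that `validateConfig` applies, and `getSolrClient` (added later in this commit) dereferences it with `configs.get("solr.url")`, so a service with no configuration would fail with a NullPointerException instead of a clear error. A guard such as `if (configs == null) { throw new Exception("No configuration found for service " + serviceName); }` at the top of `lookupResource` would make the two methods consistent. In `validateConfig`, `LOG.error("<== RangerServiceSolr.validateConfig Error:" + e);` drops the stack trace; `LOG.error("<== RangerServiceSolr.validateConfig Error:", e);` keeps it.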
@@ -0,0 +1,292 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.services.solr.client; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.Callable; +import java.util.concurrent.TimeUnit; + +import org.apache.log4j.Logger; +import org.apache.ranger.plugin.client.BaseClient; +import org.apache.ranger.plugin.service.ResourceLookupContext; +import org.apache.ranger.plugin.util.TimedEventUtil; +import org.apache.solr.client.solrj.SolrClient; +import org.apache.solr.client.solrj.SolrQuery; +import org.apache.solr.client.solrj.request.CollectionAdminRequest; +import org.apache.solr.client.solrj.request.CoreAdminRequest; +import org.apache.solr.client.solrj.response.CollectionAdminResponse; +import org.apache.solr.client.solrj.response.CoreAdminResponse; +import org.apache.solr.client.solrj.response.QueryResponse; +import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction; +import org.apache.solr.common.util.SimpleOrderedMap; + +public class ServiceSolrClient { + public static final Logger LOG = 
Logger.getLogger(ServiceSolrClient.class); + + enum RESOURCE_TYPE { + COLLECTION, FIELD + } + + SolrClient solrClient = null; + boolean isSolrCloud = false; + + String serviceName = null; + private static final String errMessage = " You can still save the repository and start creating " + + "policies, but you would not be able to use autocomplete for " + + "resource names. Check server logs for more info."; + + private static final String COLLECTION_KEY = "collection"; + private static final String FIELD_KEY = "column"; + private static final long LOOKUP_TIMEOUT_SEC = 5; + + public ServiceSolrClient(String serviceName, SolrClient solrClient, + boolean isSolrCloud) { + this.solrClient = solrClient; + this.isSolrCloud = isSolrCloud; + this.serviceName = serviceName; + + } + + public HashMap<String, Object> testConnection() throws Exception { + String errMsg = errMessage; + boolean connectivityStatus = false; + HashMap<String, Object> responseData = new HashMap<String, Object>(); + + try { + getCollectionList(null); + // If it doesn't throw exception, then assume the instance is + // reachable + String successMsg = "TestConnection Successful"; + BaseClient.generateResponseDataMap(connectivityStatus, successMsg, + successMsg, null, null, responseData); + } catch (IOException e) { + LOG.error("Error connecting to Solr. solrClient=" + solrClient, e); + String failureMsg = "Unable to connect to Solr instance." 
+ + e.getMessage(); + BaseClient.generateResponseDataMap(connectivityStatus, failureMsg, + failureMsg + errMsg, null, null, responseData); + + } + + return responseData; + } + + public List<String> getCollectionList(List<String> ignoreCollectionList) + throws Exception { + if (!isSolrCloud) { + return getCoresList(ignoreCollectionList); + } + + CollectionAdminRequest request = new CollectionAdminRequest.List(); + CollectionAdminResponse response = request.process(solrClient); + + List<String> list = new ArrayList<String>(); + for (int i = 0; i < response.getCollectionStatus().size(); i++) { + if (ignoreCollectionList == null + || !ignoreCollectionList.contains(list.get(i))) { + list.add(list.get(i)); + } + } + return list; + } + + public List<String> getCoresList(List<String> ignoreCollectionList) + throws Exception { + CoreAdminRequest request = new CoreAdminRequest(); + request.setAction(CoreAdminAction.STATUS); + CoreAdminResponse cores = request.process(solrClient); + // List of the cores + List<String> coreList = new ArrayList<String>(); + for (int i = 0; i < cores.getCoreStatus().size(); i++) { + if (ignoreCollectionList == null + || !ignoreCollectionList.contains(cores.getCoreStatus() + .getName(i))) { + coreList.add(cores.getCoreStatus().getName(i)); + } + } + return coreList; + } + + public List<String> getFieldList(String collection, + List<String> ignoreFieldList) throws Exception { + // TODO: Best is to get the collections based on the collection value + // which could contain wild cards + String queryStr = ""; + if (collection != null && !collection.isEmpty()) { + queryStr += "/" + collection; + } + queryStr += "/schema/fields"; + SolrQuery query = new SolrQuery(); + query.setRequestHandler(queryStr); + QueryResponse response = solrClient.query(query); + + List<String> fieldList = new ArrayList<String>(); + if (response != null && response.getStatus() == 0) { + @SuppressWarnings("unchecked") + List<SimpleOrderedMap<String>> fields = 
(ArrayList<SimpleOrderedMap<String>>) response + .getResponse().get("fields"); + for (SimpleOrderedMap<String> fmap : fields) { + String fieldName = fmap.get("name"); + if (ignoreFieldList == null + || !ignoreFieldList.contains(fieldName)) { + fieldList.add(fieldName); + } + } + } else { + LOG.error("Error getting fields for collection=" + collection + + ", response=" + response); + } + return fieldList; + } + + public List<String> getFieldList(List<String> collectionList, + List<String> ignoreFieldList) throws Exception { + + Set<String> fieldSet = new LinkedHashSet<String>(); + if (collectionList == null || collectionList.size() == 0) { + return getFieldList((String) null, ignoreFieldList); + } + for (String collection : collectionList) { + try { + fieldSet.addAll(getFieldList(collection, ignoreFieldList)); + } catch (Exception ex) { + LOG.error("Error getting fields.", ex); + } + } + return new ArrayList<String>(fieldSet); + } + + /** + * @param serviceName + * @param context + * @return + */ + public List<String> getResources(ResourceLookupContext context) { + + String userInput = context.getUserInput(); + String resource = context.getResourceName(); + Map<String, List<String>> resourceMap = context.getResources(); + List<String> resultList = null; + List<String> collectionList = null; + List<String> fieldList = null; + + RESOURCE_TYPE lookupResource = RESOURCE_TYPE.COLLECTION; + + if (LOG.isDebugEnabled()) { + LOG.debug("<== HiveResourceMgr.getHiveResources() UserInput: \"" + + userInput + "\" resource : " + resource + + " resourceMap: " + resourceMap); + } + + if (userInput != null && resource != null) { + if (resourceMap != null && !resourceMap.isEmpty()) { + collectionList = resourceMap.get(COLLECTION_KEY); + fieldList = resourceMap.get(FIELD_KEY); + } + switch (resource.trim().toLowerCase()) { + case COLLECTION_KEY: + lookupResource = RESOURCE_TYPE.COLLECTION; + break; + case FIELD_KEY: + lookupResource = RESOURCE_TYPE.FIELD; + break; + default: + break; + 
} + } + + if (userInput != null) { + try { + Callable<List<String>> callableObj = null; + final String userInputFinal = userInput; + + final List<String> finalCollectionList = collectionList; + final List<String> finalFieldList = fieldList; + + if (lookupResource == RESOURCE_TYPE.COLLECTION) { + // get the collection list for given Input + callableObj = new Callable<List<String>>() { + @Override + public List<String> call() { + List<String> retList = new ArrayList<String>(); + try { + List<String> list = getCollectionList(finalCollectionList); + if (userInputFinal != null + && !userInputFinal.isEmpty()) { + for (String value : list) { + if (value.startsWith(userInputFinal)) { + retList.add(value); + } + } + } else { + retList.addAll(list); + } + } catch (Exception ex) { + LOG.error("Error getting collection.", ex); + } + return retList; + }; + }; + } else if (lookupResource == RESOURCE_TYPE.FIELD) { + callableObj = new Callable<List<String>>() { + @Override + public List<String> call() { + List<String> retList = new ArrayList<String>(); + try { + List<String> list = getFieldList( + finalCollectionList, finalFieldList); + if (userInputFinal != null + && !userInputFinal.isEmpty()) { + for (String value : list) { + if (value.startsWith(userInputFinal)) { + retList.add(value); + } + } + } else { + retList.addAll(list); + } + } catch (Exception ex) { + LOG.error("Error getting collection.", ex); + } + return retList; + }; + }; + } + // If we need to do lookup + if (callableObj != null) { + synchronized (this) { + resultList = TimedEventUtil.timedTask(callableObj, + LOOKUP_TIMEOUT_SEC, TimeUnit.SECONDS); + } + } + } catch (Exception e) { + LOG.error("Unable to get hive resources.", e); + } + } + + return resultList; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrConnectionMgr.java ---------------------------------------------------------------------- 
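Review bot: In `getCollectionList` the SolrCloud branch calls `list.get(i)` on the `ArrayList` it has just created, so it throws IndexOutOfBoundsException as soon as the response reports one entry, and it never reads a name from `response`. The loop should take the name from the response the way `getCoresList` does with `cores.getCoreStatus().getName(i)`, for example `String name = response.getCollectionStatus().getName(i);` followed by the ignore-list test and `list.add(name)`; whether `getCollectionStatus()` is the right accessor for a list request needs checking against the SolrJ version in use. `testConnection` leaves `connectivityStatus` at `false` on the success path, so a working connection is still reported as failed; pass `true` there. `getFieldList(String, ...)` concatenates `collection`, which `getResources` takes from the lookup context, into the request handler path, so it should be checked against the names returned by `getCollectionList` or a strict name pattern before use. The log messages in `getResources` still name `HiveResourceMgr.getHiveResources()` and "hive resources".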
diff --git a/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrConnectionMgr.java b/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrConnectionMgr.java
new file mode 100644
index 0000000..874fca5
--- /dev/null
+++ b/plugin-solr/src/main/java/org/apache/ranger/services/solr/client/ServiceSolrConnectionMgr.java
@@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.services.solr.client; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.log4j.Logger; +import org.apache.solr.client.solrj.SolrClient; +import org.apache.solr.client.solrj.impl.HttpSolrClient; + +public class ServiceSolrConnectionMgr { + public static final Logger LOG = Logger + .getLogger(ServiceSolrConnectionMgr.class); + + static public ServiceSolrClient getSolrClient(String serviceName, + Map<String, String> configs) throws Exception { + String url = configs.get("solr.url"); + if (url != null) { + SolrClient solrClient = new HttpSolrClient(url); + ServiceSolrClient serviceSolrClient = new ServiceSolrClient( + serviceName, solrClient, false); + return serviceSolrClient; + } + // TODO: Need to add method to create SolrClient using ZooKeeper for + // SolrCloud + throw new Exception("Required properties are not set for " + + serviceName + ". 
URL or Zookeeper information not provided."); + } + + /** + * @param serviceName + * @param configs + * @return + */ + public static HashMap<String, Object> testConnection(String serviceName, + Map<String, String> configs) throws Exception { + ServiceSolrClient serviceSolrClient = getSolrClient(serviceName, + configs); + return serviceSolrClient.testConnection(); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index a93cd73..e0345cb 100644 --- a/pom.xml +++ b/pom.xml @@ -87,6 +87,7 @@ <module>hive-agent</module> <module>knox-agent</module> <module>storm-agent</module> + <module>plugin-solr</module> <module>plugin-yarn</module> <module>ranger_solrj</module> <module>security-admin</module> @@ -158,7 +159,7 @@ <security-agent-install-dir>hadoop-security/plugins</security-agent-install-dir> <slf4j-api.version>1.7.5</slf4j-api.version> <!--<solr.version>5.0.0</solr.version>--> - <ranger.solrj.version>0.4.0</ranger.solrj.version> + <ranger.solrj.version>${project.version}</ranger.solrj.version> <springframework.spring.version>2.5.6</springframework.spring.version> <!-- <springframework.spring.version>3.1.3.RELEASE</springframework.spring.version> @@ -364,6 +365,7 @@ <descriptor>src/main/assembly/knox-agent.xml</descriptor> <descriptor>src/main/assembly/storm-agent.xml</descriptor> <descriptor>src/main/assembly/plugin-yarn.xml</descriptor> + <descriptor>src/main/assembly/plugin-solr.xml</descriptor> <descriptor>src/main/assembly/admin-web.xml</descriptor> <descriptor>src/main/assembly/usersync.xml</descriptor> <descriptor>src/main/assembly/migration-util.xml</descriptor> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java ---------------------------------------------------------------------- 
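Review bot: `getSolrClient` builds a new `HttpSolrClient` on every call and nothing in this commit releases it: `testConnection` here and `RangerServiceSolr.lookupResource` each obtain a fresh client per request, so the underlying HTTP resources would presumably accumulate in the admin server. Either cache one `ServiceSolrClient` per service name or release the client in a `finally` block after the call. `configs.get("solr.url")` is also reached without a null check on `configs`, and the URL is used as given; since the value comes from the service configuration, rejecting anything that is not an `http` or `https` URL before constructing the client would be a cheap safeguard. The `@param` and `@return` tags on `testConnection` are empty and could say that the returned map is the response built by `ServiceSolrClient.testConnection()`.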
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java index 8e6aa3f..4cad883 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java @@ -167,7 +167,7 @@ public class ServiceMgr { private static Map<String, Class<RangerBaseService>> serviceTypeClassMap = new HashMap<String, Class<RangerBaseService>>(); @SuppressWarnings("unchecked") - private Class<RangerBaseService> getClassForServiceType(RangerServiceDef serviceDef) { + private Class<RangerBaseService> getClassForServiceType(RangerServiceDef serviceDef) throws Exception { if(LOG.isDebugEnabled()) { LOG.debug("==> ServiceMgr.getClassForServiceType(" + serviceDef + ")"); } @@ -201,6 +201,8 @@ public class ServiceMgr { serviceTypeClassMap.put(serviceType, ret); } catch (Exception excp) { LOG.warn("ServiceMgr.getClassForServiceType(" + serviceType + "): failed to find service-class '" + clsName + "'. Resource lookup will not be available", excp); + //Let's propagate the error + throw new Exception(serviceType + " failed to find service class " + clsName + ". Resource lookup will not be available. Please make sure plugin jar is in the correct place."); } } else { if(LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/security-admin/src/main/resources/sample.xa_system.properties ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/sample.xa_system.properties b/security-admin/src/main/resources/sample.xa_system.properties index 8043ef8..a4bbe84 100644 --- a/security-admin/src/main/resources/sample.xa_system.properties +++ b/security-admin/src/main/resources/sample.xa_system.properties 
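Review bot: The new `throw new Exception(...)` in the catch block discards `excp`, so callers lose the original class-loading failure; pass it as the cause by adding `, excp` as the second constructor argument. The `LOG.warn` above it and the new message both still say "Resource lookup will not be available", which no longer describes the behaviour now that the method throws. Both hunks cut through `getClassForServiceType`, so the callers that must now handle the checked exception are not visible here.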
@@ -38,11 +38,18 @@ xa.logs.base.dir=user.home xa.scheduler.enabled=true +#Audit Destination (solr or db) +xa.audit.store=solr + # DB Info for audit_DB auditDB.jdbc.driver=net.sf.log4jdbc.DriverSpy auditDB.jdbc.url=jdbc:log4jdbc:mysql://localhost:3306/xasecure auditDB.jdbc.user= auditDB.jdbc.password= +#Solr info for solr audit +xa.audit.solr.url= + + #http http.enabled=true \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2dc01d08/src/main/assembly/plugin-solr.xml ---------------------------------------------------------------------- diff --git a/src/main/assembly/plugin-solr.xml b/src/main/assembly/plugin-solr.xml new file mode 100644 index 0000000..954ea52 --- /dev/null +++ b/src/main/assembly/plugin-solr.xml 
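Review bot: The sample now selects `xa.audit.store=solr` but leaves `xa.audit.solr.url=` empty, so a configuration copied from this sample names an audit store with no endpoint; how the admin server behaves in that case is not visible in this hunk. I would add a comment above the key, for example `# Required when xa.audit.store=solr, e.g. http://<solr-host>:<port>/solr/<audit-core> (placeholder)`, or keep `db` as the sample default until a URL is supplied.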
@@ -0,0 +1,157 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<assembly> + <id>solr-plugin</id> + <formats> + <format>tar.gz</format> + <format>zip</format> + </formats> + <baseDirectory>${project.name}-${project.version}-solr-plugin</baseDirectory> + <includeBaseDirectory>true</includeBaseDirectory> + <moduleSets> + <moduleSet> + <binaries> + <includeDependencies>false</includeDependencies> + <unpack>false</unpack> + <directoryMode>755</directoryMode> + <fileMode>644</fileMode> + <dependencySets> + <dependencySet> + <outputDirectory>/lib</outputDirectory> + <unpack>false</unpack> + <includes> + <include>commons-configuration:commons-configuration:jar:${commons.configuration.version}</include> + <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include> + <include>org.apache.hadoop:hadoop-common-plus:jar:${hadoop-common.version}</include> + <include>com.google.code.gson:gson</include> + <include>org.eclipse.persistence:eclipselink</include> + <include>org.eclipse.persistence:javax.persistence</include> + <include>commons-collections:commons-collections</include> + <include>com.sun.jersey:jersey-bundle</include> + 
<include>commons-logging:commons-logging:jar:${commons.logging.version}</include> + <include>com.google.guava:guava:jar:${guava.version}</include> + <include>org.apache.httpcomponents:httpclient:jar:${httpcomponent.httpclient.version}</include> + <include>org.apache.httpcomponents:httpcore:jar:${httpcomponent.httpcore.version}</include> + <include>org.apache.httpcomponents:httpmime:jar:${httpcomponent.httpmime.version}</include> + <include>org.noggit:noggit:jar:${noggit.version}</include> + </includes> + </dependencySet> + <dependencySet> + <outputDirectory>/install/lib</outputDirectory> + <unpack>false</unpack> + <directoryMode>755</directoryMode> + <fileMode>644</fileMode> + <includes> + <include>commons-cli:commons-cli</include> + <include>commons-collections:commons-collections</include> + <include>commons-configuration:commons-configuration:jar:${commons.configuration.version}</include> + <include>commons-io:commons-io:jar:${commons.io.version}</include> + <include>commons-lang:commons-lang:jar:${commons.lang.version}</include> + <include>commons-logging:commons-logging</include> + <include>com.google.guava:guava:jar:${guava.version}</include> + <include>org.hamcrest:hamcrest-all</include> + <include>junit:junit</include> + <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include> + <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include> + <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-common.version}</include> + <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred</include> + <include>org.apache.ranger:credentialbuilder</include> + </includes> + </dependencySet> + </dependencySets> + <outputDirectory>/lib</outputDirectory> + </binaries> + <includes> + <include>org.apache.ranger:ranger_solrj</include> + <include>security_plugins.ranger-plugins-audit:ranger-plugins-audit</include> + <include>security_plugins.ranger-plugins-cred:ranger-plugins-cred</include> + 
<include>security_plugins.ranger-plugins-impl:ranger-plugins-impl</include> + <include>security_plugins.ranger-plugins-common:ranger-plugins-common</include> + <include>security_plugins.ranger-solr-plugin:ranger-solr-plugin</include> + </includes> + </moduleSet> + <moduleSet> + <binaries> + <includeDependencies>false</includeDependencies> + <outputDirectory>/install/lib</outputDirectory> + <unpack>false</unpack> + </binaries> + <includes> + <include>security_plugins.ranger-plugins-installer:ranger-plugins-installer</include> + <include>org.apache.ranger:credentialbuilder</include> + </includes> + </moduleSet> + </moduleSets> + <fileSets> + <!-- conf.templates for enable --> + <fileSet> + <outputDirectory>/install/conf.templates/enable</outputDirectory> + <directory>plugin-solr/conf</directory> + <excludes> + <exclude>*.sh</exclude> + </excludes> + <fileMode>700</fileMode> + </fileSet> + <fileSet> + <outputDirectory>/install/conf.templates/disable</outputDirectory> + <directory>plugin-solr/disable-conf</directory> + <fileMode>700</fileMode> + </fileSet> + <fileSet> + <outputDirectory>/install/conf.templates/default</outputDirectory> + <directory>plugin-solr/template</directory> + <fileMode>700</fileMode> + </fileSet> + <!-- version file --> + <fileSet> + <outputDirectory>/</outputDirectory> + <directory>${project.build.outputDirectory}</directory> + <includes> + <include>version</include> + </includes> + <fileMode>444</fileMode> + </fileSet> + </fileSets> + <!-- enable/disable script for Plugin --> + <files> + <file> + <source>agents-common/scripts/enable-agent.sh</source> + <outputDirectory>/</outputDirectory> + <destName>enable-solr-plugin.sh</destName> + <fileMode>755</fileMode> + </file> + <file> + <source>agents-common/scripts/enable-agent.sh</source> + <outputDirectory>/</outputDirectory> + <destName>disable-solr-plugin.sh</destName> + <fileMode>755</fileMode> + </file> + <file> + <source>plugin-solr/scripts/install.properties</source> + 
<outputDirectory>/</outputDirectory> + <destName>install.properties</destName> + <fileMode>755</fileMode> + </file> + <file> + <source>plugin-solr/scripts/solr-plugin-install.properties</source> + <outputDirectory>/</outputDirectory> + <destName>solr-plugin-install.properties</destName> + <fileMode>755</fileMode> + </file> + </files> +</assembly>
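Review bot: `install.properties` and `solr-plugin-install.properties` are packaged with `<fileMode>755</fileMode>`, although they are data files and `install.properties` carries keystore and truststore password entries (`SSL_KEYSTORE_PASSWORD`, `SSL_TRUSTSTORE_PASSWORD`) elsewhere in this commit. A non-executable, owner-only mode such as `<fileMode>600</fileMode>` for `install.properties` would keep those values from being world-readable after unpacking, assuming the installer runs as the owning user. The second `/install/lib` dependency set also ships `junit:junit` and `org.hamcrest:hamcrest-all`, which look like test-only libraries and could be dropped from the distribution.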
